I submit this Report in the below-cited action pursuant to Federal Rule of Civil Procedure
26(a)(2)(B) and the Scheduling Order in this case.


I. BACKGROUND AND QUALIFICATIONS
1. I am a Senior Vice President in the global Cybersecurity practice group at AlixPartners
LLP. I have been retained as an expert in the matter of Kleiman v. Wright, Case No.
9:18-cv-80176 by Dr. Craig Wright, the defendant in this action (“Dr. Wright” or
“Defendant”) and have been asked to provide my opinion regarding certain questions.


AlixPartners is being compensated at a rate of $480 per hour for my work in this matter. 


2. I hold a Bachelor of Science in Computer Science from the University of Maryland and a
Master’s in Technology Management from Georgetown University.


3. I have been reading and writing code personally and professionally for over 12 years
and am familiar with many different programming languages, specifically including but
not limited to C++. I have written code for a variety of clients, including the Department
of Defense, International Business Machines (IBM), local political campaigns, a school
district, and a public university, among others. My full CV is attached as Exhibit 4.


4. I have substantial experience in computer security as it relates to computer
programming, and I have identified hundreds of vulnerabilities in computer code and
computer systems during the course of my professional career. Reviewing so much
code also affords me an understanding of the knowledge and experience required to
successfully create computer software.


5. I hold a Certified Ethical Hacker certification, a technical qualification that demonstrates
expertise in identifying vulnerabilities and other technical weaknesses in computer
systems, including programming code.


6. Before AlixPartners I was employed at International Business Machines (IBM) in the
Federal consulting practice. IBM Federal is often contracted by various agencies of the
United States Government to perform activities relating to information and technology
management, including programming and other services. During my tenure at IBM in the
Cybersecurity & Biometrics practice, I served as a Subject Matter Expert (SME) in the
areas of cybersecurity and applied cryptography, engaging in matters related to securing
the process of computer program development and information technology architecture.
I have worked with both military and civilian agencies, including the Department of
Defense, among others. I was also part of the Public Service Blockchain team that
developed computer programs to explore potential applications of blockchain technology
with government agencies.


7. At AlixPartners I regularly assist clients with technical investigations, forensic analysis,
and other issues that require expertise in applied cryptography, computer programs, and
other technical subjects. I regularly speak to law firms and other professional
organizations regarding computer security, cryptocurrencies, and their implications for
digital forensics.


8. As a result of my skill, experience, training, and education I have expert knowledge in
the areas of computer security, computer program development, and applied
cryptography as it relates to blockchain technology.


II. QUESTIONS ASKED
For this report I was asked to inspect certain documents and testimony and provide my
opinion on whether the decedent, David Kleiman, had the requisite skills and experience to
have written the original Bitcoin core software application released in 2009.


III. EVIDENCE REVIEWED

9. The resume and professional certification of David Kleiman and supporting documents,
Bates numbered Kimon_00010690 to Kimon_00010697.

10. DECLARATION OF DAVID A KLEIMAN, Bates numbered KLEIMAN_00413115 

11. A memorandum from Diane Clark, Human Resources Director for the City of Lake Worth 
Florida to Susan Stanton, City Manager dated August 19, 2009 discussing David 
Kleiman’s qualifications. 

12. The deposition transcripts of Gavin Andresen and Kimon Andreou in this matter. 

13. A web archived copy of David Kleiman’s professional biography found at:
https://web.archive.org/web/20060519093230/http://s-doc.com/company/management.asp

14. Web archived copies of the S-Lok product technical documentation found at:
https://web.archive.org/web/20060523010301/http://s-doc.com/medialibrary/other/PDFs/tech_info/slok_tech_overview.pdf and
https://web.archive.org/web/20060523010600/http://s-doc.com/medialibrary/other/PDFs/tech_info/sev_sellsheet.pdf, and
https://web.archive.org/web/20080828130153/http://www.s-doc.com/products/slok.asp

15. The Bitcoin client application code, documentation and annotations at
https://github.com/bitcoin/bitcoin
16. The Crypto-Currency Bitcoin and its mysterious inventor, Joshua Davis, The New 
Yorker, October 3, 2011. 
17. A Structural Analysis of Bitcoin, Clemens H. Cap, Department of Computer Science, 
University of Rostock. 
18. Dave Kleiman’s publications, including:
• Microsoft Log Parser Toolkit; Syngress Publishing; Contributing Author, ISBN
1-932266-52-6; (Feb 24, 2005).
• Security Log Management: Identifying Patterns in the Chaos; Syngress
Publishing; Contributing Author, ISBN 1-59749-042-3; (Apr 13, 2006).
• Perfect Passwords: Selection, Protection and Authentication; Syngress
Publishing; Technical Editor; ISBN 1-59749-041-5; (Dec 25, 2005).
• Winternals Defragmentation, Recovery, and Administration Field Guide;
Syngress Publishing; Technical Editor; ISBN 1-59749-079-2; (September 4,
2006).
• CD and DVD Forensics: Technical Editor, ISBN 1-59749-128-4; (March 12,
2007).
• How to Cheat at Windows System Administration: Contributing Author, ISBN
1-59749-105-5; (September 15, 2006).
• Enemy at the Water Cooler: Real Life Stories of Insider Threats, Technical
Reviewer, ISBN 1-59749-129-2; (January 7, 2007).
• Rootkits for Dummies: Forensics Advisor; ISBN 978-0-471-91710-6; (January 30,
2007).
• Windows Forensic Analysis Including DVD Toolkit: Technical Editor, ISBN
1-59749-156-X; (May 8, 2007).
• The Official CHFI Study Guide (Exam 312-49): Main author, ISBN 1-59749-197-7;
(October 8, 2007).


19. Other documents as referenced in the text below. 


IV. OPINION 
20. The Bitcoin software was first released on January 9, 2009 when version 0.1 was posted
on the internet by “Satoshi Nakamoto,” the pseudonym used by the code’s original
author(s). Satoshi also wrote and distributed the original Bitcoin Whitepaper and devised
the first blockchain database or “ledger.” Bitcoin version 0.1 is commonly referred to as
the “reference implementation.”

Case 9:18-cv-80176-BB Document 488-11 Entered on FLSD Docket 05/08/2020 Page 5 of 13

CONFIDENTIAL


21. Up to and including version 0.1.5, published on February 4, 2009, it is believed that
Satoshi was the primary author of the code. After that time a wider community of
programmers became involved and assisted with future development.


22. The software code went through at least 20 additional subsequent revisions up to and
including version 0.3.19 which was released on December 12, 2010, before Satoshi
Nakamoto retired from the project and turned control of the code over to Gavin
Andresen. These initial releases are commonly referred to as the "Satoshi Code."


23. Gavin Andresen continued to be the lead developer on the Bitcoin source code until
2017 (Andresen depo 26:14).


24. By his own admission in public forums Satoshi worked on the original code alone for at
least a year and a half before publishing it publicly¹, though he may have shared earlier
private versions with at least 3 people who assisted with its review in late 2008.

25. The Satoshi Code was written in the C++ programming language. C++ is an
object-oriented programming language that can generate very efficient, very fast programs.
However, it is also notorious for being a very difficult programming language to learn and
an even more difficult programming language to write. Being an object-oriented
language it requires programmers to create and destroy objects constantly. It also has
no built-in memory management functionality which is why C++ is known as a “memory
unsafe” language. It is up to the programmer to manually take care of memory
management to avoid issues such as memory leaks and dangling references which will
cause a program to crash or present security vulnerabilities. Writing C++ code that does
not exhibit these issues is extremely hard. Most other object-oriented languages
abstract memory management by using a mechanism called a garbage collector,
therefore taking this manual task out of the hands of the programmer, but not C++. The
requirement to constantly be aware of memory allocation and deallocation, to make sure
that every object is freed once and only once, and to never keep a pointer to a freed
object, makes C++ a much more challenging experience than most every other
programming language. In contrast to most other programming languages, the
requirement to manually manage memory allocations and utilize memory pointers
requires knowledge of specific programming techniques. These and other features of
C++ make it much less programmer-friendly than most other languages and is often
criticized by even experienced programmers as being incredibly complex and unwieldy.
It is especially unfriendly to those who "know just enough to be dangerous."

1 See Satoshi Nakamoto (17 November 2008). "Re: Bitcoin P2P e-cash paper 2008-11-17
16:33:04 UTC". Satoshi Nakamoto Institute at
https://satoshi.nakamotoinstitute.org/emails/cryptography/15/. Last retrieved April 3,
2020.


26. A review of the original Bitcoin code shows that it was written by somebody with deep
expertise and experience in the C++ language. In fact, world renowned C++ coder
Gavin Andresen, the lead programmer on the Bitcoin project development team for at
least four years, who routinely interacted with Satoshi until he stepped away, and who is
intimately aware of Satoshi’s code writing skills, referred to him as “definitely a top 10
percent programmer” (Andresen depo at 210:3). Naturally it would be expected that
someone in the top 10 percent of a field would have extensive experience and
background in activities directly related to that field. The expertise demonstrated in the
original Bitcoin code goes beyond what is expected by even a typical programmer.
Development of bitcoin required a deep fundamental understanding of cryptography as
well as advanced knowledge of data structures, programming algorithms, networking,
computer hardware, and specialized programming techniques. The expertise required to
write C++ code that reflects this knowledge is difficult to attain and would require many
years of hands-on programming experience and training.


27. Other industry leading programmers have also made similar public assessments. Dan
Kaminsky, a leading Internet-security researcher, is famous among hackers for
discovering, in 2008, a fundamental flaw in the Internet Domain Name System which
would have allowed a skilled coder to take over any Web site. He is also regarded as
one of the world’s best experts for testing software errors and weaknesses. In July 2011
he dug deeply into the Bitcoin software in an attempt to uncover its weaknesses.
Kaminsky found none he could exploit. This attempt is recounted in a New Yorker
article, in which he was interviewed on the subject by the author, Joshua Davis.


28. In this same article, Kaminsky, after noting that the programming style was dense and
inscrutable, is quoted as claiming, “the way the whole thing was formatted was insane.
Only the most paranoid, painstaking coder in the world could avoid making mistakes.”
He then went on to proclaim, “He’s a world-class programmer, with a deep
understanding of the C++ programming language. He understands economics,
cryptography, and peer-to-peer networking.”


29. David Kleiman had experience in computer forensics with a specific background in 
Windows operating system security and electronic discovery for litigation support. None 
of the information regarding the professional or personal life of David Kleiman shows 
that he was a skilled programmer in any language, let alone an advanced language such 
as C++, nor even a novice C++ programmer. His background and certifications show 
familiarity with utilizing tools that are programmed by others and then analyzing the data 
produced by those programs. Developing the bitcoin software requires an entirely
different set of skills than the ones listed in the documents reviewed for David's
background.


30. I have reviewed David Kleiman’s resume and professional certification produced as
Bates numbers Kimon_00010690 to Kimon_00010697. That resume shows that he was 
self-employed as a computer forensic investigator from 1997 until his death in 2013. 
This work entailed assisting legal counsel and their clients in legal disputes and 
investigations to recreate and opine on facts gleaned from digital evidence. Much of the 
experience described is managerial and supervisory in nature, and none includes any 
computer programming in any language at all. Many of the tools involved with computer 
forensics are driven by user interfaces and do not require advanced knowledge of the 
underlying programming language in order to extract forensic information. For example, 
in a report submitted to a Palm Beach court he details a forensic examination performed 
in the matter of Lighthouse Investment Partners v. Stacey Tenen. In it, Kleiman says he 
specializes in “computer forensics, data security, and analysis.” (Exhibit 1, page 1) 
Nowhere in the report does he make reference to, or demonstrate experience in, topics
related to computer programming or C++.


31. David Kleiman also worked as the Chief Information Security Officer for a software
company called Securit-e-doc, Inc. for several years in the early 2000s. I have reviewed
the professional biography included in an archived copy of the company’s website which
is attached as Exhibit 2 to this report. That biography describes the work he undertook
at Securit-e-doc as also including a role as product manager for the S-Lok product. In
this role his work is described as “supervis[ing] the development of our Windows
operating system lockdown tool...." This description is consistent with the deposition
testimony of Kimon Andreou, a colleague of David Kleiman, who worked with him at
Securit-e-doc and wrote the code for the product. (Andreou depo at 16:14). Mr. Andreou
also testified that David Kleiman did not know how to write any complex code beyond
simple scripts and “needed help many times on creating a simple program”. (Andreou
depo at 57:5-6). Andreou, who worked closely with Kleiman during their time at
Securit-e-doc, states that Kleiman was “not a programmer” (Andreou depo at 9:19). In fact, the
main product was developed by Andreou taking David's logic to “put in a program” to
automate certain administration tasks. (Andreou depo at 9:14-15).


According to documentation from the archived Securit-e-doc website, the S-Lok product 
was a security administration tool used to secure networked Windows servers. The 
product was only available commercially for a few years before the company closed 
down. The S-Lok product enabled system administrators to set certain configuration 
settings on Windows servers in alignment with security guidelines offered by industry 
leaders such as Microsoft. A configuration setting allows users of a program (or 
operating system) to specify conditions or values that are then acted upon by the 
program. Knowledge of specific configuration settings, such as the ones offered by
S-Lok, does not require the requisite knowledge of the underlying program language.


David Kleiman also worked for one year as the Vice President of Technical Operations 
for a small startup company called Intelliswitch. According to his resume, he oversaw 
the development of a voice-over-IP telephone network, maintained internet services, and 
provided other IT management for the company. None of this work describes computer
programming or C++ language skills.


Prior to 1997 David Kleiman worked for three years as the Director of IT for a large 
construction company maintaining and securing their network infrastructure, and three 
years as a police officer for the Palm Beach police force where he also had some IT 
administration duties. He also spent time in the Army in Aviation Logistics. None of the
roles included work as a computer programmer or coding in C++.


David Kleiman also lists 10 publications on his resume. A review of these publications 
shows that for more than half of these his role was simply providing technical review
and/or technical editing for the primary authors. In one publication he served as a “forensic
advisor.” In three others Kleiman was a co-author, in one case only writing one section
of the book. The publications focus primarily on how to utilize existing popular tools to
administer computer systems, review log data, or collect forensic information. None of
these publications discuss or cover C++ programming and none of the work effort of
David Kleiman on these publications included programming skills in C++.


David Kleiman also listed eleven professional certifications in his resume and various 
professional biographies that were reviewed. These include six certifications relating to 
systems security, one on system engineering, one on anti-terrorism, and three relating to 
computer forensics (evidence collection, examination and handling). None of these 
certifications relate to computer programming nor experience in C++. Many of the 
certifications demonstrate proficiency in the ability to use pre-packaged tools in the 
course of forensic investigations. Others are focused exclusively on non-technical skills 
such as management. In his deposition testimony, his close friend and colleague Kimon 
Andreou, also stated that Dave Kleiman was very proud of his certifications and liked to 
collect as many as he could. (Andreou depo at 16:1). Given this, it is reasonable to 
assume that he would have also listed any credentials, training or certification related to 
computer programming if he had them. None of the certifications listed require 
knowledge or experience in advanced C++ programming as part of the certification
process.


David Kleiman also lists eleven professional affiliations on his resume. Again these all 
relate to organizations for computer forensics and security professionals and do not 
require demonstrating proficiency with any programming language as a requirement for
membership. He lists no affiliations relating to computer programmers or C++ coding.


Between 1983 and 1992 David Kleiman attended courses at four different institutions 
which are also listed on his resume. He did not earn any college undergraduate or 
graduate degrees. None of the course work listed includes any relating to computer
programming or C++ coding.


I also reviewed the biographical information and service offerings from archived versions
of Dave Kleiman’s website at DaveKleiman.com. This website was used for his 
computer forensics business which he ran from 1997 until his death. The archive 
reviewed was from May 30, 2009. This would have been during the same period that 
Satoshi Nakamoto was busy revising the early versions of the Bitcoin Software. The 
descriptions of Dave Kleiman’s background and experience and the services he offered 
to provide on his website are consistent with the experience and skills described above. 
They focused on computer forensic services for litigation support and computer security
consulting services. Nowhere on the site was there any mention of computer
programming services or experience, Bitcoin, or C++ coding, in any form. There are also
no references to any code repositories, links to programs created by Kleiman, or any
other indication that programming was an activity that Kleiman performed on a regular
basis. Further, nothing in Kleiman’s background would indicate a deep understanding of
economics, a key piece noted by Dan Kaminsky in the assessment of original Bitcoin
code. The pages viewed are attached to this report as Exhibit 3.


It is my understanding that Dave Kleiman suffered significant financial difficulties in the 
last few years of his lifetime. At times he “would be behind on his mortgage payments” 
so much that he feared foreclosure and his utility bills were in arrears, among other 
issues (Andreou Depo 18:7, 26:13). The average salary in 2013 for a person with
top-class C++ programming skill as are exhibited by Satoshi Nakamoto, was well in excess
of $100,000.² Top C++ coders were in very high demand at that time and to this day are
considered to be well compensated.


Based on all the above information, it is my opinion that the development of the Satoshi 
Code for the Bitcoin software by Dave Kleiman would be highly inconsistent with his
skills and experience.


V. RESERVATIONS 


I reserve all rights to modify or supplement this Report if I become aware of any errors
or misstatements, or if I become aware of other data or other evidence relevant to my
position.

I also reserve all rights to respond to any statements made by the Plaintiffs, witnesses
or expert witnesses to which a response is appropriate.

I understand that several depositions remain to be taken in this matter. I may also
modify or supplement my opinions in view of opinions or arguments made by any
person, including Plaintiffs’ counsel and anyone engaged by Plaintiffs to provide
opinions.

I may also modify or supplement my opinions if the Court provides litigants with any
pertinent additional rulings.

I may expand or modify my opinions as my investigation and study continues and
supplement my opinions in light of any relevant orders from the Court or in response to
any additional information I review, and matters the Plaintiffs raise, or any opinions
Plaintiffs’ experts may provide.

2 See, https://www.glassdoor.com/Salaries/software-engineer-c-developer-salary-SRCH_KO0,29.htm

If called to testify at trial or a hearing in this case, I may use documents and/or materials
to help me explain my points and opinions. I may also prepare and use graphics,
images, photographs, video recordings, animations, and other presentation aids to help
me explain my points and opinions. I may also use images, photographs, graphics,
animations, and other presentation aids prepared by other witnesses to help me explain
my points and opinions.


Dated: 10 April 2020, Washington, DC
By:

Kevin Madura
EDUCATION
University of Maryland 2010-2014
Bachelor of Science, Computer Science; Minor in Leadership Studies
Awards: Corporate Scholars Scholarship, Order of Omega

Georgetown University 2015-2017
Master of Professional Studies, Technology Management
Capstone: “Smart Traffic: Controlling Congestion with Technology”


RELATED EXPERIENCE
Independent Research 2009
Discovered a software vulnerability, CVE-2009-0499, which was a “cross-site request forgery (CSRF)
vulnerability in the Moodle forum software that allows remote attackers to delete or modify data.”

IBM 2014 - 2018
Cybersecurity Consultant - Cryptography SME
Provided subject matter expertise in areas of cryptography, secure coding, and vulnerability
management for entities within the Department of Defense.

Deployed technical solution to verify identity of soldiers using Common Access Cards (CAC) using
cryptographic primitives such as SHA256 and public key cryptography, in alignment with NIST 800-53.

Hosted “lunch & learns” to educate colleagues on secure coding methodologies and case studies.

IBM 2017
Blockchain Identity Expert: Federal Agency
Primary architect of enterprise identity solution based on blockchain technology, which included
validating the proper use of cryptography and secure coding methodology.

IBM 2017 - 2018
Blockchain Programmer: USPS
Led development of blockchain implementation and smart contract coding for government
blockchain pilot programs.

AlixPartners 2018 -
Senior Vice President, Cybersecurity Practice
Advise clients on cybersecurity matters, ranging from technical implementation issues to executive
risk management functions.

Performed forensic investigation for mobile application development company to determine
exposure of malicious code and vulnerable software development kits.

Member of blockchain industry team tasked with exploring applications of distributed ledger
technology for enterprise clients, implementing cryptocurrency coins, and proper management of
Bitcoin wallets.


CERTIFICATIONS
Certified Ethical Hacker 2018
Credential ID ECC39758882107


CONFERENCE PRESENTATIONS
Armed Forces Communications and Electronics Association 2018
Cybersecurity in the World of Blockchain and Cryptocurrency
A discussion on the applicability of implementing blockchain technology, based on Bitcoin, for use
within the US military.

AlixPartners
Procurement Forum 2018
Explained the potential application of blockchain technology in a business setting to procurement
executives at an event hosted by AlixPartners.

Center for Professional Education
Managing Cyber Risk 2018
Hosted a session focused on managing cyber risks with emerging technologies such as blockchain
and cryptocurrencies.

Center for Professional Education
Blockchain & Cryptocurrencies 2019
A presentation detailing the inner workings of blockchain technology and how Bitcoin spawned
thousands of alternative cryptocurrencies.


PUBLICATIONS AND PAPERS 


Blockchain 101: What is it? 
LinkedIn Article 2017 


How Cybersecurity Risk is Disrupting the M&A Landscape
AlixPartners 2029


AWARDS

Corporate Scholars Scholarship 2013 

IBM Manager’s Choice Award (14) 2016 — 2017 

IBM Global Business Services Excellence Award 2017 


MEMBERSHIPS 
Armed Forces Communications and Electronics Association (Inactive) 


EC-Council 
Washington DC Cyber Security for Control Systems 


TECHNICAL SKILLS 
Computer programming languages (C, C#, Go, Java, Bash, Python, Javascript, PHP, Ruby)
Computer systems (Linux, Windows, Mac OS)
Applied cryptography
• Asymmetric encryption (elliptic curve, RSA)
• Symmetric encryption
• Public key infrastructure, X.509 certificate management
• Hashing (HMAC, MD5, SHA family, etc.)
• Transport Layer Security (ciphersuite selection, configuration)
Blockchain analysis
• Personal research reviewing academic papers covering Bitcoin blockchain analysis techniques
• Developed code to parse information from the Bitcoin blockchain
• Study of industry materials, cryptography textbooks (e.g. Applied Cryptography by Bruce Schneier)
Secure application coding techniques
• Web application security (OWASP Top 10, SANS Institute best practices)
Vulnerability detection
• Software applications, cryptographic weaknesses, common code vulnerabilities
Computer network security
• Denial of service attack methods, interception/manipulation of traffic, networking protocols (TCP, UDP)
System administration
• Patching methodology, configuration hardening


LANGUAGES 


English— native language 


